Message-ID: <E1D1y3Z-0007th-Vn@updates.mandrakesoft.com>
Date: Thu, 17 Feb 2005 19:39:49 -0700
From: Mandrakelinux Security Team <security@...ux-mandrake.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2005:040 - Updated PostgreSQL packages fix multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: postgresql
Advisory ID: MDKSA-2005:040
Date: February 17th, 2005
Affected versions: 10.0, 10.1, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________
Problem Description:
A number of vulnerabilities were found and corrected in the PostgreSQL
DBMS:
A flaw in the LOAD command could be abused by a local user to load
arbitrary shared libraries and as a result execute arbitrary code with
the privileges of the user running the postgresql server
(CAN-2005-0227).
A permission checking flaw was found where a local user could bypass
the EXECUTE permission check for functions using the CREATE AGGREGATE
command (CAN-2005-0244).
Multiple buffer overflows were discovered in PL/PgSQL. A database
user with permission to create plpgsql functions could trigger these
flaws which could then lead to arbitrary code execution with the
privileges of the user running the postgresql server (CAN-2005-0245
and CAN-2005-0247).
Finally, a flaw in the integer aggregator (intagg) contrib module was
found. A user could create carefully crafted arrays and crash the
server, causing a Denial of Service (CAN-2005-0246).
The updated packages have been patched to correct these problems.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0247
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
16ffc8828537cc68c3677e847bba3423 10.0/RPMS/libecpg3-7.4.1-2.3.100mdk.i586.rpm
4020d5d5f6f3f54e4d25f84a75ab691d 10.0/RPMS/libecpg3-devel-7.4.1-2.3.100mdk.i586.rpm
9232db8cc28358e2d4a3a9edd7a87187 10.0/RPMS/libpgtcl2-7.4.1-2.3.100mdk.i586.rpm
520b86f7d74d29146e55f74330b1a552 10.0/RPMS/libpgtcl2-devel-7.4.1-2.3.100mdk.i586.rpm
d72e9063c841bd43e9242034f474244b 10.0/RPMS/libpq3-7.4.1-2.3.100mdk.i586.rpm
6419d8bec8b95e4ecaeedebd52c93738 10.0/RPMS/libpq3-devel-7.4.1-2.3.100mdk.i586.rpm
7c280a56ab05ea690c766e539c719f99 10.0/RPMS/postgresql-7.4.1-2.3.100mdk.i586.rpm
2001b4acc4f4d47b0416a67ef41981fd 10.0/RPMS/postgresql-contrib-7.4.1-2.3.100mdk.i586.rpm
4dcc1389b8057ff8200c639ad5a3f4ec 10.0/RPMS/postgresql-devel-7.4.1-2.3.100mdk.i586.rpm
453e7a73a7b9dc82ae934cb1e577dc01 10.0/RPMS/postgresql-docs-7.4.1-2.3.100mdk.i586.rpm
2e75916c1fba4577305ac550035e4743 10.0/RPMS/postgresql-jdbc-7.4.1-2.3.100mdk.i586.rpm
afd194432b0e32084ba5fa8a65f998e2 10.0/RPMS/postgresql-pl-7.4.1-2.3.100mdk.i586.rpm
a44ff8f4b5fc39031001e4a9229d572a 10.0/RPMS/postgresql-server-7.4.1-2.3.100mdk.i586.rpm
43bc338135c44b923e1fe2a4f8daf2d8 10.0/RPMS/postgresql-tcl-7.4.1-2.3.100mdk.i586.rpm
a4b5edb7b50fb00d506f269539291052 10.0/RPMS/postgresql-test-7.4.1-2.3.100mdk.i586.rpm
5a2668b9715dff828032beb884f1c13a 10.0/SRPMS/postgresql-7.4.1-2.3.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
ba8ac7fb475e2458d418a9d28f7a6bdd amd64/10.0/RPMS/lib64ecpg3-7.4.1-2.3.100mdk.amd64.rpm
9aa82839d8707bba9a3f381e541e9eaa amd64/10.0/RPMS/lib64ecpg3-devel-7.4.1-2.3.100mdk.amd64.rpm
e0eea0ccee8fc51fda4b275cee2861d6 amd64/10.0/RPMS/lib64pgtcl2-7.4.1-2.3.100mdk.amd64.rpm
f0bfa9d336643270dd80995662af9434 amd64/10.0/RPMS/lib64pgtcl2-devel-7.4.1-2.3.100mdk.amd64.rpm
d83ff9d9e546b24091d76aca353d35e2 amd64/10.0/RPMS/lib64pq3-7.4.1-2.3.100mdk.amd64.rpm
13dc44f2b9561e42d2a8056fbb699bbb amd64/10.0/RPMS/lib64pq3-devel-7.4.1-2.3.100mdk.amd64.rpm
7d271112bbab112b1fb28b303eb9e0a7 amd64/10.0/RPMS/postgresql-7.4.1-2.3.100mdk.amd64.rpm
67a2bb9406e042bea5688d642c337caa amd64/10.0/RPMS/postgresql-contrib-7.4.1-2.3.100mdk.amd64.rpm
56a76464a238ff294c003d28a8200140 amd64/10.0/RPMS/postgresql-devel-7.4.1-2.3.100mdk.amd64.rpm
91a14f0eed85c582b631203c1e4f06ac amd64/10.0/RPMS/postgresql-docs-7.4.1-2.3.100mdk.amd64.rpm
fa85691eb7a9324566c4fee3f10076b8 amd64/10.0/RPMS/postgresql-jdbc-7.4.1-2.3.100mdk.amd64.rpm
78fd692dc47840cda2bfe8026da94a9e amd64/10.0/RPMS/postgresql-pl-7.4.1-2.3.100mdk.amd64.rpm
803e9e42a9520e987eebc84f2b6775b5 amd64/10.0/RPMS/postgresql-server-7.4.1-2.3.100mdk.amd64.rpm
f81990aaf4864f7ff90d6ade4b0e8dc2 amd64/10.0/RPMS/postgresql-tcl-7.4.1-2.3.100mdk.amd64.rpm
8c1313adf68fd74632aa90de56206e59 amd64/10.0/RPMS/postgresql-test-7.4.1-2.3.100mdk.amd64.rpm
5a2668b9715dff828032beb884f1c13a amd64/10.0/SRPMS/postgresql-7.4.1-2.3.100mdk.src.rpm
Mandrakelinux 10.1:
cfbf2d0416581890cb92ffbfe85f3148 10.1/RPMS/libecpg3-7.4.5-4.2.101mdk.i586.rpm
5d06b5ce19f406df2c59c7700aef56b6 10.1/RPMS/libecpg3-devel-7.4.5-4.2.101mdk.i586.rpm
fce660063ea19318bb1e3b3ff7a3c3f1 10.1/RPMS/libpgtcl2-7.4.5-4.2.101mdk.i586.rpm
fa13708a3ce7b8972f6c102409196115 10.1/RPMS/libpgtcl2-devel-7.4.5-4.2.101mdk.i586.rpm
d4dbb5f29b2453127e20814c166749a2 10.1/RPMS/libpq3-7.4.5-4.2.101mdk.i586.rpm
e1c0fb23f3244c0f41e36a24bbd54879 10.1/RPMS/libpq3-devel-7.4.5-4.2.101mdk.i586.rpm
26fa14f28369a12a1b94be68ae502429 10.1/RPMS/postgresql-7.4.5-4.2.101mdk.i586.rpm
21461b1fcec94edd17d105817664d8d9 10.1/RPMS/postgresql-contrib-7.4.5-4.2.101mdk.i586.rpm
7692813ddccb5a365463d0f9644ff4ca 10.1/RPMS/postgresql-devel-7.4.5-4.2.101mdk.i586.rpm
8e2040db7835bcce566574da3e7d6cd4 10.1/RPMS/postgresql-docs-7.4.5-4.2.101mdk.i586.rpm
b92bfdc895060d4d0802508632105035 10.1/RPMS/postgresql-jdbc-7.4.5-4.2.101mdk.i586.rpm
db2c90c7c39c013c013d2d3d9d113765 10.1/RPMS/postgresql-pl-7.4.5-4.2.101mdk.i586.rpm
c7613cdabf7e94505eaf7c87184a16f9 10.1/RPMS/postgresql-server-7.4.5-4.2.101mdk.i586.rpm
41f893da26544b0fa198e6279c170f07 10.1/RPMS/postgresql-tcl-7.4.5-4.2.101mdk.i586.rpm
0454c551cfc2d85561973ccd67c2b91d 10.1/RPMS/postgresql-test-7.4.5-4.2.101mdk.i586.rpm
eb44e6b640cda424b0b07a68f1a52dec 10.1/SRPMS/postgresql-7.4.5-4.2.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
c3d7002d1791bfd467201e1e3ec45813 x86_64/10.1/RPMS/lib64ecpg3-7.4.5-4.2.101mdk.x86_64.rpm
3588072e4ac37d48ce17b19af768ff53 x86_64/10.1/RPMS/lib64ecpg3-devel-7.4.5-4.2.101mdk.x86_64.rpm
944c52672e0a156a063e4b9d23be5434 x86_64/10.1/RPMS/lib64pgtcl2-7.4.5-4.2.101mdk.x86_64.rpm
3392f7f1bb345198e7db0c5ecda9614e x86_64/10.1/RPMS/lib64pgtcl2-devel-7.4.5-4.2.101mdk.x86_64.rpm
91c6169bc0c6a30d2ca6c3081e7531d3 x86_64/10.1/RPMS/lib64pq3-7.4.5-4.2.101mdk.x86_64.rpm
0006b0af52c0f07140ad62f2551a2b75 x86_64/10.1/RPMS/lib64pq3-devel-7.4.5-4.2.101mdk.x86_64.rpm
84e54857dd38ceb0331cf7d6afa873f2 x86_64/10.1/RPMS/postgresql-7.4.5-4.2.101mdk.x86_64.rpm
d53d51c03e9cf6b2111aec6c2bbecce4 x86_64/10.1/RPMS/postgresql-contrib-7.4.5-4.2.101mdk.x86_64.rpm
0a367e8f05859e51fc9c7aa43a77c196 x86_64/10.1/RPMS/postgresql-devel-7.4.5-4.2.101mdk.x86_64.rpm
f02047b426694df93a3995251f210e51 x86_64/10.1/RPMS/postgresql-docs-7.4.5-4.2.101mdk.x86_64.rpm
441f29064e398dfcb81344c2ab1c97df x86_64/10.1/RPMS/postgresql-jdbc-7.4.5-4.2.101mdk.x86_64.rpm
d0009a4a3e40bd4dbb366cbbd209b75f x86_64/10.1/RPMS/postgresql-pl-7.4.5-4.2.101mdk.x86_64.rpm
ad7747cd7531512f4137ec3fc53bb678 x86_64/10.1/RPMS/postgresql-server-7.4.5-4.2.101mdk.x86_64.rpm
a8e723d3059d6464b9543781bac73b13 x86_64/10.1/RPMS/postgresql-tcl-7.4.5-4.2.101mdk.x86_64.rpm
8f5bfc4b116ab384a51f5d4f3898a87a x86_64/10.1/RPMS/postgresql-test-7.4.5-4.2.101mdk.x86_64.rpm
eb44e6b640cda424b0b07a68f1a52dec x86_64/10.1/SRPMS/postgresql-7.4.5-4.2.101mdk.src.rpm
Corporate Server 2.1:
07828dc552fa6bb7ec317629506bbaec corporate/2.1/RPMS/libecpg3-7.2.2-1.6.C21mdk.i586.rpm
1b22046007724c7f2d53daa27bf6aa97 corporate/2.1/RPMS/libpgperl-7.2.2-1.6.C21mdk.i586.rpm
543c329b9a40d115fc4cbed5a960f5d8 corporate/2.1/RPMS/libpgsql2-7.2.2-1.6.C21mdk.i586.rpm
aa6041f4e4ca1a5e1bc16f1d977940b1 corporate/2.1/RPMS/libpgsqlodbc0-7.2.2-1.6.C21mdk.i586.rpm
3cb3c7a6d281dc612df295c2bdb9f0c2 corporate/2.1/RPMS/libpgtcl2-7.2.2-1.6.C21mdk.i586.rpm
3e2f09fa209071e921e3d8e0e5b1351c corporate/2.1/RPMS/postgresql-7.2.2-1.6.C21mdk.i586.rpm
d3d7ef771756c8e84e159601a4b10866 corporate/2.1/RPMS/postgresql-contrib-7.2.2-1.6.C21mdk.i586.rpm
a443fa9d365d6d9a14078868697fd67e corporate/2.1/RPMS/postgresql-devel-7.2.2-1.6.C21mdk.i586.rpm
f03e1880bcf194e0acbfddb5a6448ec7 corporate/2.1/RPMS/postgresql-docs-7.2.2-1.6.C21mdk.i586.rpm
0987e784211fdc488ec199543deba1db corporate/2.1/RPMS/postgresql-jdbc-7.2.2-1.6.C21mdk.i586.rpm
99e748cea890e06a38c5313a7cd92672 corporate/2.1/RPMS/postgresql-python-7.2.2-1.6.C21mdk.i586.rpm
ff9096291b65bd3df3b2d54b9f0cd33d corporate/2.1/RPMS/postgresql-server-7.2.2-1.6.C21mdk.i586.rpm
228bc6d5a908e93c916d125ee0f05ae0 corporate/2.1/RPMS/postgresql-tcl-7.2.2-1.6.C21mdk.i586.rpm
308a1ec1153ee10773198a55eab564a2 corporate/2.1/RPMS/postgresql-test-7.2.2-1.6.C21mdk.i586.rpm
c8b5f9daf5cab602786e1b1a860a9618 corporate/2.1/RPMS/postgresql-tk-7.2.2-1.6.C21mdk.i586.rpm
7796f01877c9b9d9b8e3820525cab446 corporate/2.1/SRPMS/postgresql-7.2.2-1.6.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
967ecc436c88f3d2f608f785ecae7fdf x86_64/corporate/2.1/RPMS/libecpg3-7.2.2-1.6.C21mdk.x86_64.rpm
e05af552003ffd68fbcb272cb2612392 x86_64/corporate/2.1/RPMS/libpgperl-7.2.2-1.6.C21mdk.x86_64.rpm
621c6fd539691fba7c17ea952834a9e0 x86_64/corporate/2.1/RPMS/libpgsql2-7.2.2-1.6.C21mdk.x86_64.rpm
126c387736352aa517d2d1b0192d68c7 x86_64/corporate/2.1/RPMS/libpgsqlodbc0-7.2.2-1.6.C21mdk.x86_64.rpm
93971eeef37a3240cf2230252fe4f102 x86_64/corporate/2.1/RPMS/libpgtcl2-7.2.2-1.6.C21mdk.x86_64.rpm
9987aec07e00da4b080be380ffaeda06 x86_64/corporate/2.1/RPMS/postgresql-7.2.2-1.6.C21mdk.x86_64.rpm
bc534eb525ace51b90a7242006c1d8d1 x86_64/corporate/2.1/RPMS/postgresql-contrib-7.2.2-1.6.C21mdk.x86_64.rpm
797ef3bd86d8f6c124fe31f6d954dc45 x86_64/corporate/2.1/RPMS/postgresql-devel-7.2.2-1.6.C21mdk.x86_64.rpm
1ac00353ef746416c66c9f9f5342566a x86_64/corporate/2.1/RPMS/postgresql-docs-7.2.2-1.6.C21mdk.x86_64.rpm
70abda3fd5a1b1fc7a120452e6a357be x86_64/corporate/2.1/RPMS/postgresql-jdbc-7.2.2-1.6.C21mdk.x86_64.rpm
228e3a15542579e652bd0011a18d0a33 x86_64/corporate/2.1/RPMS/postgresql-python-7.2.2-1.6.C21mdk.x86_64.rpm
40a38bfcfdbdbb89a3f545be7a38cc02 x86_64/corporate/2.1/RPMS/postgresql-server-7.2.2-1.6.C21mdk.x86_64.rpm
d656d3014fab927f6ed576c2f2b0fab2 x86_64/corporate/2.1/RPMS/postgresql-tcl-7.2.2-1.6.C21mdk.x86_64.rpm
35fab1227bfc8714b8b3adb906934f4f x86_64/corporate/2.1/RPMS/postgresql-test-7.2.2-1.6.C21mdk.x86_64.rpm
a3e17c5b1e601651125753d743ddbdf2 x86_64/corporate/2.1/RPMS/postgresql-tk-7.2.2-1.6.C21mdk.x86_64.rpm
7796f01877c9b9d9b8e3820525cab446 x86_64/corporate/2.1/SRPMS/postgresql-7.2.2-1.6.C21mdk.src.rpm
Corporate 3.0:
703f412b51e8a67f4fe730001fff869a corporate/3.0/RPMS/libecpg3-7.4.1-2.3.C30mdk.i586.rpm
9f110cf2987d1640aad133466a370ac9 corporate/3.0/RPMS/libecpg3-devel-7.4.1-2.3.C30mdk.i586.rpm
15faf2e314a2f58576bc767873f38dd5 corporate/3.0/RPMS/libpgtcl2-7.4.1-2.3.C30mdk.i586.rpm
453a316a93ed80391c90d7d5f1f3a6a2 corporate/3.0/RPMS/libpgtcl2-devel-7.4.1-2.3.C30mdk.i586.rpm
f1cdf3eb4c3c2de0258da3aa96f28b51 corporate/3.0/RPMS/libpq3-7.4.1-2.3.C30mdk.i586.rpm
b812a36bcfbfa5ff5e1277916427fed4 corporate/3.0/RPMS/libpq3-devel-7.4.1-2.3.C30mdk.i586.rpm
c14ee05bd18670aa32daadf7874058ea corporate/3.0/RPMS/postgresql-7.4.1-2.3.C30mdk.i586.rpm
480c6b12fd9f67b461565150990d94dd corporate/3.0/RPMS/postgresql-contrib-7.4.1-2.3.C30mdk.i586.rpm
3eeddc76a7a76e27f182ba4cb1b17e42 corporate/3.0/RPMS/postgresql-devel-7.4.1-2.3.C30mdk.i586.rpm
485b6c829446ea045279be079e1fa072 corporate/3.0/RPMS/postgresql-docs-7.4.1-2.3.C30mdk.i586.rpm
8bd2d6305f5251ba836c18f75d988227 corporate/3.0/RPMS/postgresql-jdbc-7.4.1-2.3.C30mdk.i586.rpm
641f0a542a38f4c11ab4dc3ef4342276 corporate/3.0/RPMS/postgresql-pl-7.4.1-2.3.C30mdk.i586.rpm
c3159ed459277846c1039bba90311b95 corporate/3.0/RPMS/postgresql-server-7.4.1-2.3.C30mdk.i586.rpm
b21d6d84e624db0392e574a169502061 corporate/3.0/RPMS/postgresql-tcl-7.4.1-2.3.C30mdk.i586.rpm
cdb56ad60e5873d9352e368f38e0ff4d corporate/3.0/RPMS/postgresql-test-7.4.1-2.3.C30mdk.i586.rpm
9b08dd32f213eb5d72eefdb1180d4e07 corporate/3.0/SRPMS/postgresql-7.4.1-2.3.C30mdk.src.rpm
Corporate 3.0/X86_64:
1fea9bc21a5abc4f82b8d7daaa303536 x86_64/corporate/3.0/RPMS/lib64ecpg3-7.4.1-2.3.C30mdk.x86_64.rpm
551d09da754f2df20149be16bb6db2d4 x86_64/corporate/3.0/RPMS/lib64ecpg3-devel-7.4.1-2.3.C30mdk.x86_64.rpm
47fa740b136759bc2994ae7ec835a94f x86_64/corporate/3.0/RPMS/lib64pgtcl2-7.4.1-2.3.C30mdk.x86_64.rpm
de25619797d5158ced82900075b3936d x86_64/corporate/3.0/RPMS/lib64pgtcl2-devel-7.4.1-2.3.C30mdk.x86_64.rpm
d91013404c9707cd0ae118a463ff0c6f x86_64/corporate/3.0/RPMS/lib64pq3-7.4.1-2.3.C30mdk.x86_64.rpm
71dcfe4eb96aba1530434daa07fd6eed x86_64/corporate/3.0/RPMS/lib64pq3-devel-7.4.1-2.3.C30mdk.x86_64.rpm
3f168888bf5efd05ef6fd719d9c01917 x86_64/corporate/3.0/RPMS/postgresql-7.4.1-2.3.C30mdk.x86_64.rpm
6c8dd16779bc40266cd64f1f412d2102 x86_64/corporate/3.0/RPMS/postgresql-contrib-7.4.1-2.3.C30mdk.x86_64.rpm
75c1a72e9cbb770c1a236ab6ddb2ab76 x86_64/corporate/3.0/RPMS/postgresql-devel-7.4.1-2.3.C30mdk.x86_64.rpm
f0025782e729ec6b411fdf8571c77144 x86_64/corporate/3.0/RPMS/postgresql-docs-7.4.1-2.3.C30mdk.x86_64.rpm
49f9232aecedb50ad4aa2d1dcfa701a5 x86_64/corporate/3.0/RPMS/postgresql-jdbc-7.4.1-2.3.C30mdk.x86_64.rpm
7c26529d41d00b88ea641d93bf1a52b7 x86_64/corporate/3.0/RPMS/postgresql-pl-7.4.1-2.3.C30mdk.x86_64.rpm
e329a502d793ac88c26b378558cd8578 x86_64/corporate/3.0/RPMS/postgresql-server-7.4.1-2.3.C30mdk.x86_64.rpm
c0864e32bdd125df52263916125bad7b x86_64/corporate/3.0/RPMS/postgresql-tcl-7.4.1-2.3.C30mdk.x86_64.rpm
e8f6a709d4809fd20f2b0842cbfac96a x86_64/corporate/3.0/RPMS/postgresql-test-7.4.1-2.3.C30mdk.x86_64.rpm
9b08dd32f213eb5d72eefdb1180d4e07 x86_64/corporate/3.0/SRPMS/postgresql-7.4.1-2.3.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCFVV1mqjQ0CJFipgRAuyjAJ4xpmPIrl4D+T/KF1VaE3l3wP642QCgzk0x
fMnuQu4mRw4/d6UuU5cykDQ=
=Fyd+
-----END PGP SIGNATURE-----
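For packages fetched by hand rather than through MandrakeUpdate or urpmi, the checksum list under "Updated Packages" can be checked with a short script. This is an added example, not part of the Mandrakesoft advisory; the function names and the sample release heading and package path are constructed for illustration.

```python
import hashlib
import re

# "<32 hex digits> <relative path ending in .rpm>", as in the advisory's list
ENTRY = re.compile(r"^([0-9a-f]{32})\s+(\S+\.rpm)$")

def parse_manifest(text):
    """Map each listed package path to (release heading, md5 hex)."""
    manifest, release = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            manifest[m.group(2)] = (release, m.group(1))
        elif line.endswith(":"):
            release = line[:-1]  # e.g. a heading such as "Mandrakelinux 10.0"
    return manifest

def md5_of(path, chunk=1 << 16):
    """Stream the file so large RPMs are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_package(manifest, listed_path, local_file):
    """Return 'ok', 'mismatch' or 'not-listed' for one downloaded file."""
    entry = manifest.get(listed_path)
    if entry is None:
        return "not-listed"
    return "ok" if md5_of(local_file) == entry[1] else "mismatch"

if __name__ == "__main__":
    import os
    import tempfile
    # Constructed sample: a stand-in file and a manifest built from its digest
    with tempfile.NamedTemporaryFile(delete=False, suffix=".rpm") as tmp:
        tmp.write(b"constructed stand-in for an RPM payload")
    listed = "demo/RPMS/example-1.0-1.i586.rpm"
    sample = "Example Release 1.0:\n%s %s\n" % (md5_of(tmp.name), listed)
    print(check_package(parse_manifest(sample), listed, tmp.name))
    os.unlink(tmp.name)
```

An MD5 match only shows that the file agrees with the list; the GPG signature is what ties the list and the packages to the Mandrakelinux Security Team key.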